diff options
| author | Philip P. Moltmann <moltmann@google.com> | 2016-12-15 12:28:41 -0800 |
|---|---|---|
| committer | Philip P. Moltmann <moltmann@google.com> | 2016-12-15 12:30:27 -0800 |
| commit | bfe95db54f1c346a8a14ce89a2a7825d6c2303bd (patch) | |
| tree | d1f6810ea9709047bfff1db1a371855bec4179e2 | |
| parent | 67c0db323f38ea8f61f9f734467edbcacd3c2279 (diff) | |
| download | libcups-bfe95db54f1c346a8a14ce89a2a7825d6c2303bd.tar.gz | |
Update libcups to v2.2.1
Test: Compared to manually checked out version
Change-Id: I93747a53f1035958bdd73b524795d13b8d72f8ae
| -rw-r--r-- | cups/cups.h | 4 | ||||
| -rw-r--r-- | cups/hash.c | 30 | ||||
| -rw-r--r-- | cups/http-addrlist.c | 26 | ||||
| -rw-r--r-- | cups/tls-gnutls.c | 112 |
4 files changed, 108 insertions, 64 deletions
diff --git a/cups/cups.h b/cups/cups.h index c9bea806..cef5697a 100644 --- a/cups/cups.h +++ b/cups/cups.h @@ -47,10 +47,10 @@ extern "C" { * Constants... */ -# define CUPS_VERSION 2.0200 +# define CUPS_VERSION 2.0201 # define CUPS_VERSION_MAJOR 2 # define CUPS_VERSION_MINOR 2 -# define CUPS_VERSION_PATCH 0 +# define CUPS_VERSION_PATCH 1 # define CUPS_BC_FD 3 /* Back-channel file descriptor for diff --git a/cups/hash.c b/cups/hash.c index 6b7b6dad..d52807ef 100644 --- a/cups/hash.c +++ b/cups/hash.c @@ -1,7 +1,7 @@ /* * Hashing function for CUPS. * - * Copyright 2015 by Apple Inc. + * Copyright 2015-2016 by Apple Inc. * * These coded instructions, statements, and computer programs are the * property of Apple Inc. and are protected by Federal copyright @@ -53,7 +53,7 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ } #ifdef __APPLE__ - if (strcmp(algorithm, "sha")) + if (!strcmp(algorithm, "sha")) { /* * SHA-1... @@ -70,7 +70,7 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ return (CC_SHA1_DIGEST_LENGTH); } - else if (strcmp(algorithm, "sha2-224")) + else if (!strcmp(algorithm, "sha2-224")) { CC_SHA256_CTX ctx; /* SHA-224 context */ @@ -83,7 +83,7 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ return (CC_SHA224_DIGEST_LENGTH); } - else if (strcmp(algorithm, "sha2-256")) + else if (!strcmp(algorithm, "sha2-256")) { CC_SHA256_CTX ctx; /* SHA-256 context */ @@ -96,7 +96,7 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ return (CC_SHA256_DIGEST_LENGTH); } - else if (strcmp(algorithm, "sha2-384")) + else if (!strcmp(algorithm, "sha2-384")) { CC_SHA512_CTX ctx; /* SHA-384 context */ @@ -109,7 +109,7 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ return (CC_SHA384_DIGEST_LENGTH); } - else if (strcmp(algorithm, "sha2-512")) + else if (!strcmp(algorithm, "sha2-512")) { CC_SHA512_CTX ctx; /* SHA-512 context */ @@ -122,7 +122,7 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ return (CC_SHA512_DIGEST_LENGTH); } - else if (strcmp(algorithm, "sha2-512_224")) + else if (!strcmp(algorithm, "sha2-512_224")) { CC_SHA512_CTX ctx; /* SHA-512 context */ unsigned char temp[CC_SHA512_DIGEST_LENGTH]; @@ -143,7 +143,7 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ return (CC_SHA224_DIGEST_LENGTH); } - else if (strcmp(algorithm, "sha2-512_256")) + else if (!strcmp(algorithm, "sha2-512_256")) { CC_SHA512_CTX ctx; /* SHA-512 context */ unsigned char temp[CC_SHA512_DIGEST_LENGTH]; @@ -171,22 +171,22 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ unsigned char temp[64]; /* Temporary hash buffer */ size_t tempsize = 0; /* Truncate to this size? */ - if (strcmp(algorithm, "sha")) + if (!strcmp(algorithm, "sha")) alg = GNUTLS_DIG_SHA1; - else if (strcmp(algorithm, "sha2-224")) + else if (!strcmp(algorithm, "sha2-224")) alg = GNUTLS_DIG_SHA224; - else if (strcmp(algorithm, "sha2-256")) + else if (!strcmp(algorithm, "sha2-256")) alg = GNUTLS_DIG_SHA256; - else if (strcmp(algorithm, "sha2-384")) + else if (!strcmp(algorithm, "sha2-384")) alg = GNUTLS_DIG_SHA384; - else if (strcmp(algorithm, "sha2-512")) + else if (!strcmp(algorithm, "sha2-512")) alg = GNUTLS_DIG_SHA512; - else if (strcmp(algorithm, "sha2-512_224")) + else if (!strcmp(algorithm, "sha2-512_224")) { alg = GNUTLS_DIG_SHA512; tempsize = 28; } - else if (strcmp(algorithm, "sha2-512_256")) + else if (!strcmp(algorithm, "sha2-512_256")) { alg = GNUTLS_DIG_SHA512; tempsize = 32; diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c index 6e2ad819..e9ef53ea 100644 --- a/cups/http-addrlist.c +++ b/cups/http-addrlist.c @@ -304,6 +304,8 @@ httpAddrConnect2( if (result > 0) { + http_addrlist_t *connaddr = NULL; /* Connected address, if any */ + for (i = 0; i < nfds; i ++) { # ifdef HAVE_POLL @@ -314,7 +316,7 @@ httpAddrConnect2( # endif /* HAVE_POLL */ { *sock = fds[i]; - addrlist = addrs[i]; + connaddr = addrs[i]; # ifdef DEBUG len = sizeof(peer); @@ -322,11 +324,29 @@ httpAddrConnect2( DEBUG_printf(("1httpAddrConnect2: Connected to %s:%d...", httpAddrString(&peer, temp, sizeof(temp)), httpAddrPort(&peer))); # endif /* DEBUG */ } - else +# ifdef HAVE_POLL + else if (pfds[i].revents & (POLLERR | POLLHUP)) +# else + else if (FD_ISSET(fds[i], &error)) +# endif /* HAVE_POLL */ + { + /* + * Error on socket, remove from the "pool"... + */ + httpAddrClose(NULL, fds[i]); + nfds --; + if (i < nfds) + { + memmove(fds + i, fds + i + 1, (size_t)(nfds - i) * (sizeof(fds[0]))); + memmove(addrs + i, addrs + i + 1, (size_t)(nfds - i) * (sizeof(addrs[0]))); + } + i --; + } } - return (addrlist); + if (connaddr) + return (connaddr); } #endif /* O_NONBLOCK */ diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c index d5e639ea..9941e51e 100644 --- a/cups/tls-gnutls.c +++ b/cups/tls-gnutls.c @@ -1371,34 +1371,46 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ if (hostname[0]) { /* - * First look for CA certs... + * First look in the CUPS keystore... */ - snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostname); - snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostname); - - if ((access(crtfile, R_OK) || access(keyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL) - { - /* - * Try just domain name... - */ - - hostptr ++; - if (strchr(hostptr, '.')) - { - snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr); - snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr); - } - } + http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, hostname, "crt"); + http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, hostname, "key"); if (access(crtfile, R_OK) || access(keyfile, R_OK)) { /* - * Then look in the CUPS keystore... - */ - - http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, hostname, "crt"); - http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, hostname, "key"); + * No CUPS-managed certs, look for CA certs... + */ + + char cacrtfile[1024], cakeyfile[1024]; /* CA cert files */ + + snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostname); + snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostname); + + if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL) + { + /* + * Try just domain name... + */ + + hostptr ++; + if (strchr(hostptr, '.')) + { + snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr); + snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr); + } + } + + if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK)) + { + /* + * Use the CA certs... + */ + + strlcpy(crtfile, cacrtfile, sizeof(crtfile)); + strlcpy(keyfile, cakeyfile, sizeof(keyfile)); + } } have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK); @@ -1406,34 +1418,46 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ else if (tls_common_name) { /* - * First look for CA certs... + * First look in the CUPS keystore... */ - snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", tls_common_name); - snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", tls_common_name); - - if ((access(crtfile, R_OK) || access(keyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL) - { - /* - * Try just domain name... - */ - - hostptr ++; - if (strchr(hostptr, '.')) - { - snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr); - snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr); - } - } + http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, tls_common_name, "crt"); + http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, tls_common_name, "key"); if (access(crtfile, R_OK) || access(keyfile, R_OK)) { /* - * Then look in the CUPS keystore... - */ - - http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, tls_common_name, "crt"); - http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, tls_common_name, "key"); + * No CUPS-managed certs, look for CA certs... + */ + + char cacrtfile[1024], cakeyfile[1024]; /* CA cert files */ + + snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", tls_common_name); + snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", tls_common_name); + + if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL) + { + /* + * Try just domain name... + */ + + hostptr ++; + if (strchr(hostptr, '.')) + { + snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr); + snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr); + } + } + + if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK)) + { + /* + * Use the CA certs... + */ + + strlcpy(crtfile, cacrtfile, sizeof(crtfile)); + strlcpy(keyfile, cakeyfile, sizeof(keyfile)); + } } have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK); |